[PATCHES BUG 13831] winbind: Use domain name from lsa query for sid_to_name

Christof Schmitt cs at samba.org
Tue Mar 12 18:49:03 UTC 2019


Pipeline is running at:
https://gitlab.com/samba-team/devel/samba/pipelines/51499748

Christof

On Tue, Mar 12, 2019 at 11:47:03AM -0700, Christof Schmitt via samba-technical wrote:
> From 030f2de3fe755a682c67e4957436aa86744a144e Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Mon, 11 Mar 2019 16:26:48 -0700
> Subject: [PATCH 1/6] nsswitch: Add testcase for checking output of wbinfo
>  --sid-to-name
> 
> The username should always be returned in the DOMAINSHORTNAME/USERNAME
> format.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
> 
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
>  nsswitch/tests/test_wbinfo_name_lookup.sh | 15 +++++++++++++++
>  selftest/knownfail                        |  1 +
>  2 files changed, 16 insertions(+)
> 
> diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh
> index c1d39c1a602..ee8ae11f4b1 100755
> --- a/nsswitch/tests/test_wbinfo_name_lookup.sh
> +++ b/nsswitch/tests/test_wbinfo_name_lookup.sh
> @@ -31,6 +31,21 @@ testit "name-to-sid.upn" \
>         $wbinfo -n $DC_USERNAME@$REALM || \
>  	failed=$(expr $failed + 1)
>  
> +testit "name-to-sid.realm-user" \
> +       $wbinfo -n $REALM/$DC_USERNAME || \
> +	failed=$(expr $failed + 1)
> +
> +# For the name-to-sid.realm-user query, ensure
> +# that this does not change subsequent sid-to-name
> +# queries.
> +sid=$($wbinfo -n $REALM/$DC_USERNAME | sed -e 's/ .*//')
> +out=$($wbinfo -s $sid | sed -e 's/ .//')
> +# winbindd returns usernames in lowercase
> +lcuser=$(echo $DC_USERNAME | tr A-Z a-z)
> +testit "Verify DOMAIN/USER output" \
> +       test "$out" = "$DOMAIN/$lcuser" || \
> +	failed=$(expr $failed + 1)
> +
>  # Two separator characters should fail
>  testit_expect_failure "name-to-sid.double-separator" \
>  		      $wbinfo -n $DOMAIN//$DC_USERNAME || \
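Review bot: The sed expression on the added `out=` line is `s/ .//`, which deletes only a space and the single character after it, while the `sid=` line just above uses `s/ .*//`. The comparison therefore passes only as long as `wbinfo -s` prints exactly one character after the name (presumably the SID type). Using the same pattern, `out=$($wbinfo -s "$sid" | sed -e 's/ .*//')`, would make the check independent of that trailing field. Quoting `$sid` also keeps a failed first lookup from turning into a bare `wbinfo -s` call with no argument.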
> diff --git a/selftest/knownfail b/selftest/knownfail
> index 750b5f51e3f..2674aeb560c 100644
> --- a/selftest/knownfail
> +++ b/selftest/knownfail
> @@ -363,3 +363,4 @@
>  ^samba.tests.ntlmdisabled.python\(ktest\).python2.ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\)
>  ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python3.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
>  ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python2.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
> +^samba3.wbinfo_name_lookup.Verify DOMAIN/USER output\(ad_member\)
> -- 
> 2.17.0
> 
> 
> From 2f66b8ba63e2979d6a008f248d9523d350fefb62 Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Mon, 11 Mar 2019 15:53:51 -0700
> Subject: [PATCH 2/6] winbind: Query domain from msrpc name_to_sid
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
> 
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
>  source3/winbindd/winbindd_msrpc.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
> index 203fbc6b56a..69a049556dd 100644
> --- a/source3/winbindd/winbindd_msrpc.c
> +++ b/source3/winbindd/winbindd_msrpc.c
> @@ -226,6 +226,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
>  	enum lsa_SidType *types = NULL;
>  	char *full_name = NULL;
>  	const char *names[1];
> +	const char **domains;
>  	NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
>  	char *mapped_name = NULL;
>  
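Review bot: `domains` is declared without an initializer although the neighbouring `types`, `full_name` and `mapped_name` are all set to NULL. Writing `const char **domains = NULL;` keeps the declarations consistent. It also means a later read on a path where winbindd_lookup_names() did not fill the pointer fails as a clean NULL dereference rather than using an indeterminate pointer. The same applies to the `domains` declaration added to rpc_name_to_sid() in winbindd_rpc.c in patch 3/6. Both function bodies continue outside the hunks, so whether the callee always sets the out-pointer on success cannot be confirmed from here.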
> @@ -260,7 +261,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
>  	names[0] = full_name;
>  
>  	result = winbindd_lookup_names(mem_ctx, domain, 1,
> -				       names, NULL,
> +				       names, &domains,
>  				       &sids, &types);
>  	if (!NT_STATUS_IS_OK(result))
>  		return result;
> -- 
> 2.17.0
> 
> 
> From 91d81a17e235d64177d2233f490d40f1d4162932 Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Mon, 11 Mar 2019 15:54:21 -0700
> Subject: [PATCH 3/6] winbind: Query domain from winbind rpc name_to_sid
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
> 
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
>  source3/winbindd/winbindd_rpc.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
> index 6f7cb07f4e3..81f9f98a4bd 100644
> --- a/source3/winbindd/winbindd_rpc.c
> +++ b/source3/winbindd/winbindd_rpc.c
> @@ -254,6 +254,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
>  	struct dom_sid *sids = NULL;
>  	char *full_name = NULL;
>  	const char *names[1];
> +	const char **domains;
>  	char *mapped_name = NULL;
>  	NTSTATUS status;
>  
> @@ -290,7 +291,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
>  					 lsa_policy,
>  					 1, /* num_names */
>  					 names,
> -					 NULL, /* domains */
> +					 &domains,
>  					 1, /* level */
>  					 &sids,
>  					 &types);
> -- 
> 2.17.0
> 
> 
> From 28091bba238f42d74ee1226a1dc69f63488a8f9f Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Mon, 11 Mar 2019 16:11:01 -0700
> Subject: [PATCH 4/6] winbind: Return queried domain name from name_to_sid
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
> 
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
>  source3/winbindd/winbindd.h               | 1 +
>  source3/winbindd/winbindd_ads.c           | 3 ++-
>  source3/winbindd/winbindd_cache.c         | 2 +-
>  source3/winbindd/winbindd_msrpc.c         | 5 +++++
>  source3/winbindd/winbindd_reconnect.c     | 5 +++--
>  source3/winbindd/winbindd_reconnect_ads.c | 5 +++--
>  source3/winbindd/winbindd_rpc.c           | 5 +++++
>  source3/winbindd/winbindd_rpc.h           | 1 +
>  source3/winbindd/winbindd_samr.c          | 2 ++
>  9 files changed, 23 insertions(+), 6 deletions(-)
> 
> diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
> index 7490d62a705..a72d6aa7830 100644
> --- a/source3/winbindd/winbindd.h
> +++ b/source3/winbindd/winbindd.h
> @@ -225,6 +225,7 @@ struct winbindd_methods {
>  				const char *domain_name,
>  				const char *name,
>  				uint32_t flags,
> +				const char **pdom_name,
>  				struct dom_sid *sid,
>  				enum lsa_SidType *type);
>  
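Review bot: The new `pdom_name` parameter is added to the name_to_sid method without any comment on its contract. Judging from the backends changed in this patch, it is optional (callers may pass NULL), written only on the success path, and allocated on `mem_ctx`. A short comment on the method would save the next backend author from guessing, e.g. `/* pdom_name: optional; on success receives the domain name returned by the lookup, talloc'ed on mem_ctx */`. The struct definition starts and ends outside the hunk.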
> diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
> index 4b5966dc237..5f20cfb7f76 100644
> --- a/source3/winbindd/winbindd_ads.c
> +++ b/source3/winbindd/winbindd_ads.c
> @@ -558,11 +558,12 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
>  			    const char *domain_name,
>  			    const char *name,
>  			    uint32_t flags,
> +			    const char **pdom_name,
>  			    struct dom_sid *sid,
>  			    enum lsa_SidType *type)
>  {
>  	return msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name,
> -					 flags, sid, type);
> +					 flags, pdom_name, sid, type);
>  }
>  
>  /* convert a domain SID to a user or group name - use rpc methods */
> diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
> index c686089d517..92a5e1d333b 100644
> --- a/source3/winbindd/winbindd_cache.c
> +++ b/source3/winbindd/winbindd_cache.c
> @@ -1820,7 +1820,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
>  
>  	winbindd_domain_init_backend(domain);
>  	status = domain->backend->name_to_sid(domain, mem_ctx, domain_name,
> -					      name, flags, sid, type);
> +					      name, flags, NULL, sid, type);
>  
>  	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
>  		NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
> diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
> index 69a049556dd..a086b6103be 100644
> --- a/source3/winbindd/winbindd_msrpc.c
> +++ b/source3/winbindd/winbindd_msrpc.c
> @@ -218,6 +218,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
>  				  const char *domain_name,
>  				  const char *name,
>  				  uint32_t flags,
> +				  const char **pdom_name,
>  				  struct dom_sid *sid,
>  				  enum lsa_SidType *type)
>  {
> @@ -271,6 +272,10 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
>  	sid_copy(sid, &sids[0]);
>  	*type = types[0];
>  
> +	if (pdom_name != NULL) {
> +		*pdom_name = talloc_strdup(mem_ctx, domains[0]);
> +	}
> +
>  	return NT_STATUS_OK;
>  }
>  
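Review bot: The result of `talloc_strdup(mem_ctx, domains[0])` is not checked, so on allocation failure, or if `domains[0]` were NULL, the function returns NT_STATUS_OK with `*pdom_name` set to NULL. Patch 5/6 passes that value on as the domain for the sid_to_name cache entry, so a NULL here would flow into winbindd's cache code as if it were a server-supplied name. I would add `if (*pdom_name == NULL) { return NT_STATUS_NO_MEMORY; }` inside the `if`, and the same in the identical block added to rpc_name_to_sid() in winbindd_rpc.c. The function body starts outside this hunk.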
> diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c
> index 1d0e8e6d472..56741d4670e 100644
> --- a/source3/winbindd/winbindd_reconnect.c
> +++ b/source3/winbindd/winbindd_reconnect.c
> @@ -131,18 +131,19 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
>  			    const char *domain_name,
>  			    const char *name,
>  			    uint32_t flags,
> +			    const char **pdom_name,
>  			    struct dom_sid *sid,
>  			    enum lsa_SidType *type)
>  {
>  	NTSTATUS result;
>  
>  	result = msrpc_methods.name_to_sid(domain, mem_ctx, domain_name, name,
> -					   flags, sid, type);
> +					   flags, pdom_name, sid, type);
>  
>  	if (reconnect_need_retry(result, domain))
>  		result = msrpc_methods.name_to_sid(domain, mem_ctx,
>  						   domain_name, name, flags,
> -						   sid, type);
> +						   pdom_name, sid, type);
>  
>  	return result;
>  }
> diff --git a/source3/winbindd/winbindd_reconnect_ads.c b/source3/winbindd/winbindd_reconnect_ads.c
> index 0a0a14f6dd0..f77430572d0 100644
> --- a/source3/winbindd/winbindd_reconnect_ads.c
> +++ b/source3/winbindd/winbindd_reconnect_ads.c
> @@ -137,18 +137,19 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
>  			    const char *domain_name,
>  			    const char *name,
>  			    uint32_t flags,
> +			    const char **pdom_name,
>  			    struct dom_sid *sid,
>  			    enum lsa_SidType *type)
>  {
>  	NTSTATUS result;
>  
>  	result = ads_methods.name_to_sid(domain, mem_ctx, domain_name, name,
> -					 flags, sid, type);
> +					 flags, pdom_name, sid, type);
>  
>  	if (reconnect_need_retry(result, domain)) {
>  		result = ads_methods.name_to_sid(domain, mem_ctx,
>  						 domain_name, name, flags,
> -						 sid, type);
> +						 pdom_name, sid, type);
>  	}
>  
>  	return result;
> diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
> index 81f9f98a4bd..e568870e334 100644
> --- a/source3/winbindd/winbindd_rpc.c
> +++ b/source3/winbindd/winbindd_rpc.c
> @@ -247,6 +247,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
>  			 const char *domain_name,
>  			 const char *name,
>  			 uint32_t flags,
> +			 const char **pdom_name,
>  			 struct dom_sid *sid,
>  			 enum lsa_SidType *type)
>  {
> @@ -304,6 +305,10 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
>  	sid_copy(sid, &sids[0]);
>  	*type = types[0];
>  
> +	if (pdom_name != NULL) {
> +		*pdom_name = talloc_strdup(mem_ctx, domains[0]);
> +	}
> +
>  	return NT_STATUS_OK;
>  }
>  
> diff --git a/source3/winbindd/winbindd_rpc.h b/source3/winbindd/winbindd_rpc.h
> index 162f1ef3329..a5cfe77f289 100644
> --- a/source3/winbindd/winbindd_rpc.h
> +++ b/source3/winbindd/winbindd_rpc.h
> @@ -53,6 +53,7 @@ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
>  			 const char *domain_name,
>  			 const char *name,
>  			 uint32_t flags,
> +			 const char **pdom_name,
>  			 struct dom_sid *psid,
>  			 enum lsa_SidType *ptype);
>  
> diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
> index 3727e8fa39f..55626cc67ac 100644
> --- a/source3/winbindd/winbindd_samr.c
> +++ b/source3/winbindd/winbindd_samr.c
> @@ -581,6 +581,7 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain,
>  				   const char *domain_name,
>  				   const char *name,
>  				   uint32_t flags,
> +				   const char **pdom_name,
>  				   struct dom_sid *psid,
>  				   enum lsa_SidType *ptype)
>  {
> @@ -615,6 +616,7 @@ again:
>  				 domain_name,
>  				 name,
>  				 flags,
> +				 pdom_name,
>  				 &sid,
>  				 &type);
>  
> -- 
> 2.17.0
> 
> 
> From 4f828475316459937936f61077362fa04bd92c6e Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Mon, 11 Mar 2019 16:14:02 -0700
> Subject: [PATCH 5/6] winbind: Use domain name from lsa query for sid_to_name
>  cache entry
> 
> When winbindd is asked to map a name like realm.com\name to a SID, that
> is successfully resolved through the lsa lookup name call. The same call
> also returns the short domain name (netbios name of the domain). Use
> that short domain name for the sid_to_name cache entry, so that
> subsequent sid_to_name queries return the expected netbiosname\name
> result and not realm.com\name.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
> 
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
>  selftest/knownfail                | 1 -
>  source3/winbindd/winbindd_cache.c | 5 +++--
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/selftest/knownfail b/selftest/knownfail
> index 2674aeb560c..750b5f51e3f 100644
> --- a/selftest/knownfail
> +++ b/selftest/knownfail
> @@ -363,4 +363,3 @@
>  ^samba.tests.ntlmdisabled.python\(ktest\).python2.ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\)
>  ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python3.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
>  ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python2.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
> -^samba3.wbinfo_name_lookup.Verify DOMAIN/USER output\(ad_member\)
> diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
> index 92a5e1d333b..abdfd11dc53 100644
> --- a/source3/winbindd/winbindd_cache.c
> +++ b/source3/winbindd/winbindd_cache.c
> @@ -1794,6 +1794,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
>  {
>  	NTSTATUS status;
>  	bool old_status;
> +	const char *dom_name;
>  
>  	old_status = domain->online;
>  
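Review bot: `dom_name` is declared without an initializer, and the backends changed in patch 4/6 write `*pdom_name` only on their success path. The third hunk of this file passes `dom_name` to wcache_save_sid_to_name(). The condition guarding that call is outside the hunk, so if it can be reached after a lookup that did not set the out-parameter, the cache entry is built from an indeterminate pointer. Initializing with `const char *dom_name = NULL;` and then either skipping the sid_to_name save when it is still NULL or saving with `dom_name != NULL ? dom_name : domain_name` would make that path well defined.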
> @@ -1820,7 +1821,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
>  
>  	winbindd_domain_init_backend(domain);
>  	status = domain->backend->name_to_sid(domain, mem_ctx, domain_name,
> -					      name, flags, NULL, sid, type);
> +					      name, flags, &dom_name, sid, type);
>  
>  	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
>  		NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
> @@ -1855,7 +1856,7 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
>  			}
>  			(void)strlower_m(discard_const_p(char, name));
>  			wcache_save_sid_to_name(domain, status, sid,
> -						domain_name, name, save_type);
> +						dom_name, name, save_type);
>  		}
>  	}
>  
> -- 
> 2.17.0
> 
> 
> From c7414cf281aff13d17d97d3253ae2039f6b9d168 Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Mon, 11 Mar 2019 16:25:42 -0700
> Subject: [PATCH 6/6] nsswitch: Fix usage information of
>  test_wbinfo_name_lookup.sh
> 
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
>  nsswitch/tests/test_wbinfo_name_lookup.sh | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh
> index ee8ae11f4b1..6cc52f8094c 100755
> --- a/nsswitch/tests/test_wbinfo_name_lookup.sh
> +++ b/nsswitch/tests/test_wbinfo_name_lookup.sh
> @@ -1,8 +1,8 @@
>  #!/bin/sh
>  # Blackbox test for wbinfo name lookup
> -if [ $# -lt 2 ]; then
> +if [ $# -lt 3 ]; then
>  cat <<EOF
> -Usage: test_wbinfo.sh DOMAIN DC_USERNAME
> +Usage: test_wbinfo.sh DOMAIN REALM DC_USERNAME
>  EOF
>  exit 1;
>  fi
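Review bot: The corrected usage line still names the script `test_wbinfo.sh`, while the file being patched is test_wbinfo_name_lookup.sh. `Usage: test_wbinfo_name_lookup.sh DOMAIN REALM DC_USERNAME` would match the file. The argument handling after `fi` is outside the hunk, so the order DOMAIN REALM DC_USERNAME cannot be checked against it here.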
> -- 
> 2.17.0
> 


